package com.gjp.interceptors;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import com.gjp.bean.Resource;
import com.gjp.service.UserService;

public class SecurityInterceptor implements HandlerInterceptor {
	
	@Autowired
	UserService userService;

	
	/**  
     * 在业务处理器处理请求之前被调用  
     * 如果返回false  
     *     从当前的拦截器往回执行所有拦截器的afterCompletion(),再退出拦截器链 
     * 如果返回true  
     *    执行下一个拦截器,直到所有的拦截器都执行完毕  
     *    再执行被拦截的Controller  
     *    然后进入拦截器链,  
     *    从最后一个拦截器往回执行所有的postHandle()  
     *    接着再从最后一个拦截器往回执行所有的afterCompletion()  
     */
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
	     String requestUri = request.getRequestURI();  
	     String contextPath = request.getContextPath();  
	     String url = requestUri.substring(contextPath.length());  
	     Subject subject = SecurityUtils.getSubject();
	     System.out.println("requestUri:"+requestUri);    
	     System.out.println("contextPath:"+contextPath);    
	     System.out.println("url:"+url); 
	     //登录页面直接跳过，不做判断。实际开发中，这些地址可以写在配置文件中
	     if ("/shiro/login".equals(url)) {
	    	 return true;
	     }
	     
	     
	     if (subject == null) {
	    	 System.out.println("没有登录");
	     } else {
	    	 String userName = subject.getPrincipal().toString();
	    	 List<Resource> resourceList = userService.getResourcesByUserName(userName);
	    	 if (resourceList == null || resourceList.size() == 0){
	    		 System.out.println("该人没有权限啊");
	    	 }
	    	 
	    	 if (resourceList != null && resourceList.size() > 0) {
	    		 boolean flag = false;
	    		 for (Resource r : resourceList) {
	    			 if (r.getUrl().equals(url)){
	    				 flag = true;
	    			 }
	    		 }
	    		 if (!flag) {
	    			 System.out.println("其实SecurityInterceptor已经拦截到了，只不过没有处理。");
	    		 }
	    	 }
	    	 
	     }
	     
	        
		return true;
	}

	
	/** 
     * 在业务处理器处理请求执行完成后,生成视图之前执行的动作    
     * 可在modelAndView中加入数据，比如当前时间 
     */  
	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
	}

	
	/**  
     * 在DispatcherServlet完全处理完请求后被调用,可用于清理资源等   
     *   
     * 当有拦截器抛出异常时,会从当前拦截器往回执行所有的拦截器的afterCompletion()  
     */   
	@Override
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
			throws Exception {
	}

}
